Total
541 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0156 | 1 Cisco | 149 Catalyst 2960-plus 24lc-l, Catalyst 2960-plus 24lc-s, Catalyst 2960-plus 24pc-l and 146 more | 2026-01-13 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673. | |||||
| CVE-2017-12319 | 1 Cisco | 198 1000 Integrated Services Router, 1100-4g\/6g Integrated Services Router, 1100-4g Integrated Services Router and 195 more | 2026-01-13 | 7.1 HIGH | 5.9 MEDIUM |
| A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability. The vulnerability exists due to changes in the implementation of the BGP MPLS-Based Ethernet VPN RFC (RFC 7432) draft between IOS XE software releases. When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated. An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS. The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. This vulnerability affects all releases of Cisco IOS XE Software prior to software release 16.3 that support BGP EVPN configurations. If the device is not configured for EVPN, it is not vulnerable. Cisco Bug IDs: CSCui67191, CSCvg52875. | |||||
| CVE-2018-0151 | 1 Cisco | 1 Ios Xe | 2026-01-13 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881. | |||||
| CVE-2025-20338 | 1 Cisco | 1 Ios Xe | 2025-11-14 | N/A | 6.0 MEDIUM |
| A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root. | |||||
| CVE-2023-44487 | 32 Akka, Amazon, Apache and 29 more | 313 Http Server, Opensearch Data Prepper, Apisix and 310 more | 2025-11-07 | N/A | 7.5 HIGH |
| The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |||||
| CVE-2021-27853 | 3 Cisco, Ieee, Ietf | 308 Catalyst 3650-12x48fd-e, Catalyst 3650-12x48fd-l, Catalyst 3650-12x48fd-s and 305 more | 2025-11-04 | N/A | 4.7 MEDIUM |
| Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. | |||||
| CVE-2018-0197 | 1 Cisco | 2 Ios, Ios Xe | 2025-10-30 | 3.3 LOW | 6.5 MEDIUM |
| A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. There are workarounds that address this vulnerability. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software, are operating in VTP client mode or VTP server mode, and do not have a VTP domain name configured. The default configuration for Cisco devices that are running Cisco IOS Software or Cisco IOS XE Software and support VTP is to operate in VTP server mode with no domain name configured. | |||||
| CVE-2021-34770 | 1 Cisco | 11 Catalyst 9800, Catalyst 9800-40, Catalyst 9800-40 Wireless Controller and 8 more | 2025-10-30 | 9.0 HIGH | 10.0 CRITICAL |
| A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition. | |||||
| CVE-2021-34705 | 1 Cisco | 2 Ios, Ios Xe | 2025-10-30 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. An attacker could exploit this vulnerability by sending a malformed dial string to an affected device via either the ISDN protocol or SIP. A successful exploit could allow the attacker to conduct toll fraud, resulting in unexpected financial impact to affected customers. | |||||
| CVE-2021-34767 | 1 Cisco | 9 Catalyst 9800, Catalyst 9800-40, Catalyst 9800-80 and 6 more | 2025-10-30 | 3.3 LOW | 7.4 HIGH |
| A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS) condition for that VLAN. The vulnerability is due to a logic error when processing specific link-local IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that would flow inbound through the wired interface of an affected device. A successful exploit could allow the attacker to cause traffic drops in the affected VLAN, thus triggering the DoS condition. | |||||
| CVE-2025-20169 | 1 Cisco | 2 Ios, Ios Xe | 2025-10-30 | N/A | 7.7 HIGH |
| A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system. | |||||
| CVE-2023-20273 | 1 Cisco | 124 Catalyst 3650, Catalyst 3650-12x48fd-e, Catalyst 3650-12x48fd-l and 121 more | 2025-10-28 | N/A | 7.2 HIGH |
| A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. | |||||
| CVE-2023-20198 | 2 Cisco, Rockwellautomation | 5 Ios Xe, Allen-bradley Stratix 5200, Allen-bradley Stratix 5200 Firmware and 2 more | 2025-10-28 | N/A | 10.0 CRITICAL |
| Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343. | |||||
| CVE-2023-20109 | 1 Cisco | 2 Ios, Ios Xe | 2025-10-28 | N/A | 6.6 MEDIUM |
| A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details ["#details"] section of this advisory. | |||||
| CVE-2025-20352 | 1 Cisco | 3 Ios, Ios Xe, Ios Xe Sd-wan | 2025-10-28 | N/A | 7.7 HIGH |
| A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials. An authenticated, remote attacker with high privileges could execute code as the root user on an affected device that is running Cisco IOS XE Software. To execute code as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials and administrative or privilege 15 credentials on the affected device. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks. This vulnerability is due to a stack overflow condition in the SNMP subsystem of the affected software. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system. Note: This vulnerability affects all versions of SNMP. | |||||
| CVE-2019-1761 | 1 Cisco | 2 Ios, Ios Xe | 2025-09-11 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device. | |||||
| CVE-2021-1620 | 1 Cisco | 2 Ios, Ios Xe | 2025-09-11 | 3.5 LOW | 7.7 HIGH |
| A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit could allow the attacker to exhaust the IP addresses from the assigned local pool, which prevents users from logging in and leads to a denial of service (DoS) condition. | |||||
| CVE-2024-20312 | 1 Cisco | 2 Ios, Ios Xe | 2025-08-26 | N/A | 7.4 HIGH |
| A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and have formed an adjacency. | |||||
| CVE-2024-20354 | 1 Cisco | 17 Aironet 1530e, Aironet 1530i, Aironet 1552h and 14 more | 2025-08-13 | N/A | 4.7 MEDIUM |
| A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to incomplete cleanup of resources when dropping certain malformed frames. An attacker could exploit this vulnerability by connecting as a wireless client to an affected AP and sending specific malformed frames over the wireless connection. A successful exploit could allow the attacker to cause degradation of service to other clients, which could potentially lead to a complete DoS condition. | |||||
| CVE-2024-20271 | 1 Cisco | 14 Business 140ac, Business 140ac Access Point, Business 141acm and 11 more | 2025-08-06 | N/A | 8.6 HIGH |
| A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets. | |||||